A Carleton University student has been charged with the criminal offenses of “Mischief to a computer and criminal use of data.” The charges came after he allegedly broke into Carleton’s computer system and grabbed confidential information about 32 students. He then reportedly used the information to show Carleton’s administration how insecure their computer system is. There has been no suggestion that he used the information for financial gain.

But, there has been no word whether the privacy commissioner will investigate or whether Carleton University will simply face public humiliation as a school that offers degrees in computer science, and been shown to have a computer system so insecure that a 20 year old undergrad could break into several accounts.

I also don’t recall seeing an apology from Carleton for their failure to keep private information private.

The only “crime” of the student in question is that he found the records of 32 students, and sent the info to the students. Most of those students are in Carleton’s Journalism program.

The school is considering additional penalties which could include a reprimand, suspension or expulsion. There is no word on whether they are considering fixing their computer system.